mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 21:49:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,42 @@
|
||||
# Standards and References - Runtime Security with Tetragon
|
||||
|
||||
## Industry Standards
|
||||
|
||||
### NIST SP 800-190: Application Container Security Guide
|
||||
- Section 4.2: Runtime monitoring and anomaly detection for containers
|
||||
- Section 4.4: Container-level network monitoring requirements
|
||||
- Recommends kernel-level security monitoring for container environments
|
||||
|
||||
### CIS Kubernetes Benchmark v1.9
|
||||
- Control 5.7.1: Create administrative boundaries between resources using namespaces
|
||||
- Control 5.7.3: Apply Security Context to pods and containers
|
||||
- Control 5.7.4: The default namespace should not be used
|
||||
|
||||
### MITRE ATT&CK for Containers
|
||||
- T1611: Escape to Host -- Tetragon detects namespace manipulation attempts
|
||||
- T1059.004: Command and Scripting Interpreter: Unix Shell -- process execution monitoring
|
||||
- T1053.007: Container Orchestration Job -- detects unauthorized job creation
|
||||
- T1496: Resource Hijacking -- crypto-miner detection and blocking
|
||||
|
||||
## CNCF Landscape Positioning
|
||||
|
||||
Tetragon is positioned in the CNCF Runtime Security category alongside:
|
||||
- Falco (audit-log and syscall-based detection)
|
||||
- KubeArmor (LSM-based enforcement)
|
||||
- Tracee (eBPF-based tracing)
|
||||
|
||||
### Key Differentiators
|
||||
- Kernel-level filtering reduces event volume before reaching user space
|
||||
- Native enforcement (Sigkill/Override) without requiring separate enforcement engine
|
||||
- Deep integration with Cilium for combined network + runtime security
|
||||
- TracingPolicy CRD for Kubernetes-native policy management
|
||||
|
||||
## Compliance Mapping
|
||||
|
||||
| Requirement | Framework | Tetragon Capability |
|
||||
|-------------|-----------|-------------------|
|
||||
| Runtime threat detection | PCI DSS 11.5 | TracingPolicy with file integrity monitoring |
|
||||
| Unauthorized process detection | SOC 2 CC6.8 | Process execution monitoring with namespace context |
|
||||
| Container isolation enforcement | NIST 800-190 4.2 | Namespace escape detection and blocking |
|
||||
| Audit trail generation | ISO 27001 A.12.4 | JSON event export to SIEM systems |
|
||||
| Incident response automation | NIST CSF DE.AE | Real-time Sigkill enforcement on policy violations |
|
||||
Reference in New Issue
Block a user